<!doctype html>

<html>
<head>
  <link rel="shortcut icon" href="static/images/favicon.ico" type="image/x-icon">
  <title>uncheckedconversions.js (Closure Library API Documentation - JavaScript)</title>
  <link rel="stylesheet" href="static/css/base.css">
  <link rel="stylesheet" href="static/css/doc.css">
  <link rel="stylesheet" href="static/css/sidetree.css">
  <link rel="stylesheet" href="static/css/prettify.css">

  <script>
     var _staticFilePath = "static/";
     var _typeTreeName = "goog";
     var _fileTreeName = "Source";
  </script>

  <script src="static/js/doc.js">
  </script>


  <meta charset="utf8">
</head>

<body onload="grokdoc.onLoad();">

<div id="header">
  <div class="g-section g-tpl-50-50 g-split">
    <div class="g-unit g-first">
      <a id="logo" href="index.html">Closure Library API Documentation</a>
    </div>

    <div class="g-unit">
      <div class="g-c">
        <strong>Go to class or file:</strong>
        <input type="text" id="ac">
      </div>
    </div>
  </div>
</div>

<div class="clear"></div>

<h2><a href="local_closure_goog_html_uncheckedconversions.js.html">uncheckedconversions.js</a></h2>

<pre class="prettyprint lang-js">
<a name="line1"></a>// Copyright 2013 The Closure Library Authors. All Rights Reserved.
<a name="line2"></a>//
<a name="line3"></a>// Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
<a name="line4"></a>// you may not use this file except in compliance with the License.
<a name="line5"></a>// You may obtain a copy of the License at
<a name="line6"></a>//
<a name="line7"></a>//      http://www.apache.org/licenses/LICENSE-2.0
<a name="line8"></a>//
<a name="line9"></a>// Unless required by applicable law or agreed to in writing, software
<a name="line10"></a>// distributed under the License is distributed on an &quot;AS-IS&quot; BASIS,
<a name="line11"></a>// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<a name="line12"></a>// See the License for the specific language governing permissions and
<a name="line13"></a>// limitations under the License.
<a name="line14"></a>
<a name="line15"></a>/**
<a name="line16"></a> * @fileoverview Unchecked conversions to create values of goog.html types from
<a name="line17"></a> * plain strings.  Use of these functions could potentially result in instances
<a name="line18"></a> * of goog.html types that violate their type contracts, and hence result in
<a name="line19"></a> * security vulnerabilties.
<a name="line20"></a> *
<a name="line21"></a> * Therefore, all uses of the methods herein must be carefully security
<a name="line22"></a> * reviewed.  Avoid use of the methods in this file whenever possible; instead
<a name="line23"></a> * prefer to create instances of goog.html types using inherently safe builders
<a name="line24"></a> * or template systems.
<a name="line25"></a> *
<a name="line26"></a> * @visibility {//closure/goog/html:approved_for_unchecked_conversion}
<a name="line27"></a> * @visibility {//closure/goog/bin/sizetests:__pkg__}
<a name="line28"></a> */
<a name="line29"></a>
<a name="line30"></a>
<a name="line31"></a>goog.provide(&#39;goog.html.uncheckedconversions&#39;);
<a name="line32"></a>
<a name="line33"></a>goog.require(&#39;goog.asserts&#39;);
<a name="line34"></a>goog.require(&#39;goog.html.SafeHtml&#39;);
<a name="line35"></a>goog.require(&#39;goog.html.SafeStyle&#39;);
<a name="line36"></a>goog.require(&#39;goog.html.SafeUrl&#39;);
<a name="line37"></a>goog.require(&#39;goog.html.TrustedResourceUrl&#39;);
<a name="line38"></a>goog.require(&#39;goog.string&#39;);
<a name="line39"></a>goog.require(&#39;goog.string.Const&#39;);
<a name="line40"></a>
<a name="line41"></a>
<a name="line42"></a>/**
<a name="line43"></a> * Performs an &quot;unchecked conversion&quot; to SafeHtml from a plain string that is
<a name="line44"></a> * known to satisfy the SafeHtml type contract.
<a name="line45"></a> *
<a name="line46"></a> * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
<a name="line47"></a> * that the value of {@code html} satisfies the SafeHtml type contract in all
<a name="line48"></a> * possible program states.
<a name="line49"></a> *
<a name="line50"></a> * TODO(user): Link to guidelines on appropriate uses.
<a name="line51"></a> *
<a name="line52"></a> * @param {!goog.string.Const} justification A constant string explaining why
<a name="line53"></a> *     this use of this method is safe. May include a security review ticket
<a name="line54"></a> *     number.
<a name="line55"></a> * @param {string} html A string that is claimed to adhere to the SafeHtml
<a name="line56"></a> *     contract.
<a name="line57"></a> * @param {?goog.i18n.bidi.Dir=} opt_dir The optional directionality of the
<a name="line58"></a> *     SafeHtml to be constructed. A null or undefined value signifies an
<a name="line59"></a> *     unknown directionality.
<a name="line60"></a> * @return {!goog.html.SafeHtml} The value of html, wrapped in a SafeHtml
<a name="line61"></a> *     object.
<a name="line62"></a> * @suppress {visibility} For access to SafeHtml.create...  Note that this
<a name="line63"></a> *     use is appropriate since this method is intended to be &quot;package private&quot;
<a name="line64"></a> *     withing goog.html.  DO NOT call SafeHtml.create... from outside this
<a name="line65"></a> *     package; use appropriate wrappers instead.
<a name="line66"></a> */
<a name="line67"></a>goog.html.uncheckedconversions.safeHtmlFromStringKnownToSatisfyTypeContract =
<a name="line68"></a>    function(justification, html, opt_dir) {
<a name="line69"></a>  // unwrap() called inside an assert so that justification can be optimized
<a name="line70"></a>  // away in production code.
<a name="line71"></a>  goog.asserts.assertString(goog.string.Const.unwrap(justification),
<a name="line72"></a>                            &#39;must provide justification&#39;);
<a name="line73"></a>  goog.asserts.assert(
<a name="line74"></a>      goog.string.trim(goog.string.Const.unwrap(justification)).length &gt; 0,
<a name="line75"></a>      &#39;must provide non-empty justification&#39;);
<a name="line76"></a>  return goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse_(
<a name="line77"></a>      html, opt_dir || null);
<a name="line78"></a>};
<a name="line79"></a>
<a name="line80"></a>
<a name="line81"></a>/**
<a name="line82"></a> * Performs an &quot;unchecked conversion&quot; to SafeStyle from a plain string that is
<a name="line83"></a> * known to satisfy the SafeStyle type contract.
<a name="line84"></a> *
<a name="line85"></a> * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
<a name="line86"></a> * that the value of {@code style} satisfies the SafeUrl type contract in all
<a name="line87"></a> * possible program states.
<a name="line88"></a> *
<a name="line89"></a> * TODO(user): Link to guidelines on appropriate uses.
<a name="line90"></a> *
<a name="line91"></a> * @param {!goog.string.Const} justification A constant string explaining why
<a name="line92"></a> *     this use of this method is safe. May include a security review ticket
<a name="line93"></a> *     number.
<a name="line94"></a> * @param {string} style The string to wrap as a SafeStyle.
<a name="line95"></a> *     contract.
<a name="line96"></a> * @return {!goog.html.SafeStyle} The value of {@code style}, wrapped in a
<a name="line97"></a> *     SafeStyle object.
<a name="line98"></a> * @suppress {visibility} For access to SafeStyle.create...  Note that this
<a name="line99"></a> *     use is appropriate since this method is intended to be &quot;package private&quot;
<a name="line100"></a> *     withing goog.html.  DO NOT call SafeStyle.create... from outside this
<a name="line101"></a> *     package; use appropriate wrappers instead.
<a name="line102"></a> */
<a name="line103"></a>goog.html.uncheckedconversions.safeStyleFromStringKnownToSatisfyTypeContract =
<a name="line104"></a>    function(justification, style) {
<a name="line105"></a>  // unwrap() called inside an assert so that justification can be optimized
<a name="line106"></a>  // away in production code.
<a name="line107"></a>  goog.asserts.assertString(goog.string.Const.unwrap(justification),
<a name="line108"></a>                            &#39;must provide justification&#39;);
<a name="line109"></a>  goog.asserts.assert(
<a name="line110"></a>      goog.string.trim(goog.string.Const.unwrap(justification)).length &gt; 0,
<a name="line111"></a>      &#39;must provide non-empty justification&#39;);
<a name="line112"></a>  return goog.html.SafeStyle.createSafeStyleSecurityPrivateDoNotAccessOrElse_(
<a name="line113"></a>      style);
<a name="line114"></a>};
<a name="line115"></a>
<a name="line116"></a>
<a name="line117"></a>/**
<a name="line118"></a> * Performs an &quot;unchecked conversion&quot; to SafeUrl from a plain string that is
<a name="line119"></a> * known to satisfy the SafeUrl type contract.
<a name="line120"></a> *
<a name="line121"></a> * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
<a name="line122"></a> * that the value of {@code url} satisfies the SafeUrl type contract in all
<a name="line123"></a> * possible program states.
<a name="line124"></a> *
<a name="line125"></a> * TODO(user): Link to guidelines on appropriate uses.
<a name="line126"></a> *
<a name="line127"></a> * @param {!goog.string.Const} justification A constant string explaining why
<a name="line128"></a> *     this use of this method is safe. May include a security review ticket
<a name="line129"></a> *     number.
<a name="line130"></a> * @param {string} url The string to wrap as a SafeUrl.
<a name="line131"></a> *     contract.
<a name="line132"></a> * @return {!goog.html.SafeUrl} The value of {@code url}, wrapped in a SafeUrl
<a name="line133"></a> *     object.
<a name="line134"></a> * @suppress {visibility} For access to SafeUrl.create...  Note that this
<a name="line135"></a> *     use is appropriate since this method is intended to be &quot;package private&quot;
<a name="line136"></a> *     withing goog.html.  DO NOT call SafeUrl.create... from outside this
<a name="line137"></a> *     package; use appropriate wrappers instead.
<a name="line138"></a> */
<a name="line139"></a>goog.html.uncheckedconversions.safeUrlFromStringKnownToSatisfyTypeContract =
<a name="line140"></a>    function(justification, url) {
<a name="line141"></a>  // unwrap() called inside an assert so that justification can be optimized
<a name="line142"></a>  // away in production code.
<a name="line143"></a>  goog.asserts.assertString(goog.string.Const.unwrap(justification),
<a name="line144"></a>                            &#39;must provide justification&#39;);
<a name="line145"></a>  goog.asserts.assert(
<a name="line146"></a>      goog.string.trim(goog.string.Const.unwrap(justification)).length &gt; 0,
<a name="line147"></a>      &#39;must provide non-empty justification&#39;);
<a name="line148"></a>  return goog.html.SafeUrl.createSafeUrlSecurityPrivateDoNotAccessOrElse_(url);
<a name="line149"></a>};
<a name="line150"></a>
<a name="line151"></a>
<a name="line152"></a>/**
<a name="line153"></a> * Performs an &quot;unchecked conversion&quot; to TrustedResourceUrl from a plain string
<a name="line154"></a> * that is known to satisfy the TrustedResourceUrl type contract.
<a name="line155"></a> *
<a name="line156"></a> * IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
<a name="line157"></a> * that the value of {@code url} satisfies the TrustedResourceUrl type contract
<a name="line158"></a> * in all possible program states.
<a name="line159"></a> *
<a name="line160"></a> * TODO(user): Link to guidelines on appropriate uses.
<a name="line161"></a> *
<a name="line162"></a> * @param {!goog.string.Const} justification A constant string explaining why
<a name="line163"></a> *     this use of this method is safe. May include a security review ticket
<a name="line164"></a> *     number.
<a name="line165"></a> * @param {string} url The string to wrap as a TrustedResourceUrl.
<a name="line166"></a> *     contract.
<a name="line167"></a> * @return {!goog.html.TrustedResourceUrl} The value of {@code url}, wrapped in
<a name="line168"></a> *     a TrustedResourceUrl object.
<a name="line169"></a> * @suppress {visibility} For access to TrustedResourceUrl.create...  Note that
<a name="line170"></a> *     this use is appropriate since this method is intended to be
<a name="line171"></a> *     &quot;package private&quot; withing goog.html.  DO NOT call SafeUrl.create... from
<a name="line172"></a> *     outside this package; use appropriate wrappers instead.
<a name="line173"></a> */
<a name="line174"></a>goog.html.uncheckedconversions.
<a name="line175"></a>    trustedResourceUrlFromStringKnownToSatisfyTypeContract =
<a name="line176"></a>    function(justification, url) {
<a name="line177"></a>  // unwrap() called inside an assert so that justification can be optimized
<a name="line178"></a>  // away in production code.
<a name="line179"></a>  goog.asserts.assertString(goog.string.Const.unwrap(justification),
<a name="line180"></a>                            &#39;must provide justification&#39;);
<a name="line181"></a>  goog.asserts.assert(
<a name="line182"></a>      goog.string.trim(goog.string.Const.unwrap(justification)).length &gt; 0,
<a name="line183"></a>      &#39;must provide non-empty justification&#39;);
<a name="line184"></a>  return goog.html.TrustedResourceUrl.
<a name="line185"></a>      createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse_(url);
<a name="line186"></a>};
</pre>


</body>
</html>
